M-Tech Project Attribute-Based Storage Supporting Secure Deduplication of Encrypted Data in Cloud
2 likes97 views
The document proposes an attribute-based storage system that supports secure deduplication of encrypted data in cloud computing. It uses ciphertext-policy attribute-based encryption (CP-ABE) which allows data to be encrypted for access by users with specific attributes, avoiding duplicate storage. A private cloud performs duplicate detection and regeneration of ciphertexts for the same data under different access policies, while a public cloud stores the data. This ensures secure data sharing and prevents wasted storage from duplicative encrypted copies of the same data.
M-Tech Project Attribute-Based Storage Supporting Secure Deduplication of Encrypted Data in Cloud
- 1. Attribute-Based Storage Supporting SecureDeduplication of Encrypted Data in Cloud Abstract Attribute-based encryption (ABE) has been widely used in cloud computing where a data provider outsources his/herencrypted data to a cloud service provider, and can share the data with users possessing specific credentials (or attributes). However,the standard ABE system does not support secure de-duplication, which is crucial for eliminating duplicate copies of identical data inorder to save storage space and network bandwidth. In this paper, we present an attribute-based storage system with securede-duplication in a hybrid cloud setting, where a private cloud is responsible for duplicate detection and a public cloud manages thestorage. Compared with the prior data de-duplication systems, our system has two advantages. Firstly, it can be used to confidentiallyshare data with users by specifying access policies rather than sharing decryption keys. Secondly, it achieves the standard notion ofsemantic security for data confidentiality while existing systems only achieve it by defining a weaker security notion. In addition, we putforth a methodology to modify a ciphertext over one access policy into ciphertexts of the same plaintext but under other access policieswithout revealing the underlying plaintext. Existing System: In existing system a data provider Bob intends toupload a file M to the cloud, and share M (file data) with users havingcertain credentials. In order to do so, Bob encrypts M underan access policy A over a set of attributes, and uploadsthe corresponding ciphertext to the cloud, such that onlyusers whose sets of attributes satisfying the access policycan decrypt the ciphertext. Later, another data provider Alice, uploads a ciphertext for the same underlying file Mbut ascribed to a
- 2. different access policy A0. Since the fileis uploaded in an encrypted form, the cloud is not able todiscern that the plaintext corresponding to Alice’s ciphertextis the same as that corresponding to Bob’s, and will storeM twice. Obviously, such duplicated storage wastes storage space and communication bandwidth. Proposed System: In this paper, we present an attribute-based storage systemwhich employs ciphertext-policy attribute-based encryption(CP-ABE) and supports secure deduplication. In the proposed attributed-based system,the same file could be encrypted to different ciphertextsassociated with different access policies, storing only oneciphertext of the file means that users whose attributessatisfy the access policy of a discarded ciphertext (but notthat of the stored ciphertext) will be denied to access thedata that they are entitled to. To overcome this problem,we equip the private cloud with another capability namedciphertext regeneration. For a ciphertext c of a plaintext Mwith access policy A, the private cloud will be provided witha trapdoor key which is generated along with the ciphertextc by a data provider. The private cloud can use the trapdoorkey to convert the ciphertext c with access policy A to anew ciphertext C with another access policy A0 without knowing the underlying message M. Thus, if two dataproviders happen to upload two ciphertexts correspondingto the same file but under different access policies A andA0, the private cloud can regenerate a ciphertext for thesame underlying file with an access policy A UA0 usingthe corresponding trapdoor key and then store the newciphertext instead of the old one in the public cloud.
- 3. System Architecture: Fig.1: System architecture of attribute-based storage withsecure deduplication. Modules: Data Provider: A data provider wants to outsource his/her datato the cloud and share it with users possessing certaincredentials. Attribute Authority (AA): In this system Attribute Authority can generate first Public Key PK and Master Key MK as well The authority executes the algorithm which inputs a set of attributes S(S ⊆ A˜) and creates a Secret Key SK and these keys can be send to authorized User‘s. Cloud: The cloud consists of a public cloud which is in charge of data storage and a private cloud which performs certain computation suchas tag checking.
- 4. User: At the user side, each user can download an item, anddecrypt the ciphertext with the attribute-based private keygenerated by the AA if this user’s attribute set satisfies theaccess structure. Each user checks the correctness of thedecrypted message using the label, and accepts the messageif it is consistent with the label. SYSTEM CONFIGURATION: Hardware requirements: Processer : Any Update Processer Ram : Min 1 GB Hard Disk : Min 100 GB Software requirements: Operating System : Windows family Technology : Java (1.7/1.8) Front-End Technologies : Html, Html-5, JavaScript, CSS. Web Server : Tomcat 7/8 Database (Back – End) : My SQL5.5 IDE : EditPlus Implemented by Development team : Cloud Technologies Website : http://www.cloudstechnologies.in/ Contact : 8121953811, 040-65511811